Hit when using buildroot. I use MALLOC_CHECK_ and MALLOC_PERTURB_ in my environment, so these kinds of things pop up every now and then :) .
Please keep me CC'd; I am not subscribed.
Thanks,
--Ben
Ben Boeckel (1): confdata: fix invalid write
extra/config/confdata.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
stndup will copy *up to* the size parameter, not allocate a buffer of that size, so the buffer is not necessarily large enough to fit the ".old" extension.
Caught with glibc's MALLOC_CHECK_=3.
Signed-off-by: Ben Boeckel mathstuf@gmail.com --- extra/config/confdata.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/extra/config/confdata.c b/extra/config/confdata.c index 61c91c2..94c63c0 100644 --- a/extra/config/confdata.c +++ b/extra/config/confdata.c @@ -814,7 +814,8 @@ next: fclose(out);
if (*tmpname) { - dirname = strndup(basename, strlen(basename) + 4); + dirname = malloc(strlen(basename) + 4 + 1); + strcpy(dirname, basename); strcat(dirname, ".old"); rename(newname, dirname); free(dirname);
Hi Ben, Ben Boeckel wrote,
stndup will copy *up to* the size parameter, not allocate a buffer of that size, so the buffer is not necessarily large enough to fit the ".old" extension.
Caught with glibc's MALLOC_CHECK_=3.
Signed-off-by: Ben Boeckel mathstuf@gmail.com
Thanks. Applied and pushed,
best regards Waldemar
-
Ben Boeckel -
Waldemar Brodkorb